Achieve ECB Compliance with Tufin.

The Tufin Orchestration Suite provides a centralized, comprehensive solution to implement and maintain the network security requirements needed to comply with the ECB Open Banking/Payment Services Directive (PSD2) mandates

Whitepaper: ECB & Tufin

The Tufin Orchestration Suite can help you meet all ECB network security requirements - across your entire multi-vendor, multi-cloud, hybrid network.

  • Least privilege network connectivity
  • Proof of proper implementation
  • Continuous compliance
  • Recertification

This comprehensive regulation requires a comprehensive automation solution.

Achieve continuous compliance and audit readiness for ECB PSD2 Network Security Requirements

Achieve least privilege network connectivity

Simplify meeting the least privilege requirement with application centric policy management, enabled by automated workflows

Demonstrate proof of proper implementation

Simplify demonstrating implementation by automating the comparison of the least privilege access defined to the access actually enabled

Periodic recertification


Simplify recertification through real-time monitoring and alerts to ensure continuous compliance, combined with robust documentation and reporting

Tufin provides a single, multi-vendor, multi-cloud, hybrid-network automated solution to achieve, demonstrate and manage compliance while alleviating the burden of a manual and error prone approach. Learn how automation can help simplify the ECB network security requirements today.

Background: The regulation driving these requirements, the European Union’s Payment Services Directive 2 (PSD2), was passed in 2007, with security requirements elaborated upon in the European Central Bank Assessment Guide for the security of Internet payment published in 2014. Further guidelines were provided in 2018 in the Guidelines on security measures for operational and security risks of payment services under Directive (EU) 2015/2366. Both documents comprise a core set of security controls for all EU member banks.

All aspects of the Directive that we interpret as applying to network security have been compiled from both sets of guidelines in the Whitepaper available at the top of the page.